Some challenges have failed

Can you please help me, thank you.

My domain is:
http://thecommanddatabase.tech

I ran this command:
sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): thecommanddatabase.tech
Requesting a certificate for thecommanddatabase.tech
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: thecommanddatabase.tech
Type: unauthorized
Detail: 2a00:4b40:aaaa:2005::6: Invalid response from http://thecommanddatabase.tech/.well-known/acme-challenge/Co_dmMlAAkeFzupRzDhAGLGYJmoAS_HtBYABP6RMmjI: 404
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.04.5 LTS

My hosting provider, if applicable, is:
Active24

I can login to a root shell on my machine (yes or no, or I don't know):
no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.11.0

1 Like

Welcome to the community @SisAnakonda06

That is an IPv6 address in the error message (the 2a00: part). You have an IPv6 AAAA address defined for your domain in the DNS.

Let's Encrypt prefers that to an IPv4 address.

But, your AAAA address does not point to your Apache server it points to an openresty server. The "404" means Not Found. Which is expected since you setup Apache for the HTTP Challenge but an openresty server is replying.

If you can support and test the IPv6 connection you should change the AAAA record to point to your Apache server. Otherwise you should remove it so people connecting to you will just use IPv4.

Sometimes hosting services make one of those records for new setups. That may be what happened here. In which case contact them about removing it.

You can test your connection with a site like this

4 Likes

Thank you very much!

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.